Written by Breton Chan, Privasec's Marketing Executive
“Cyber security is a confluence between technology, process and people – with adequate and accurate education of an organisation’s people possibly being the most important facet.”
Cyber hygiene is not just a top-down, management-driven approach to compliance with MAS guidelines. We can adopt best-in-class technologies and refine the processes that use them, but the third and perhaps most important pillar of a proper cybersecurity framework is the people.
With proper education in the specifics of a security-first approach to business operations, staff will gain an appreciation of the importance of technology risk management. A well-rounded, comprehensive cyber hygiene strategy involves all roles within a business rather than depending only on management-level oversight.
Having all personnel know the risks and responsibilities attached to their own roles (and to those of their colleagues) provides oversight at all levels and endpoints of the business process. This translates to the best-case scenario when it comes to safeguarding the integrity of critical information such as client PII and mitigating any potential breaches by malicious actors.
In our opinion, an effective training plan is one that can correctly prescribe updated processes for staff duties and scope on a manageable and realistic timeline. The results at every milestone are clearly defined, showing the measures taken to mitigate cyber risks and/or build cyber resilience capabilities. Of course, the plan must be aligned strongly with the business's objectives, available resources and set timelines; this is to ensure that improving cyber security does not come at the cost of hindering the business's goals, which would render it counterproductive.